Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

test_abort_accept_after_handshake times out on Fedora 33 #823

Closed
bhalevy opened this issue Oct 29, 2020 · 4 comments
Closed

test_abort_accept_after_handshake times out on Fedora 33 #823

bhalevy opened this issue Oct 29, 2020 · 4 comments
Assignees
@elcallio

Comments

@bhalevy
Copy link
Member

bhalevy commented Oct 29, 2020

After upgrading to Fedora 33, that installed kernel kernel 5.6.19-300.fc32.x86_64
I rebuilt seastar from scratch and ran the unit tests. All pass except for tls_test that times out consistently.
I added some BOOST_TEST_MESSAGEs and it turns out the read() call does not return:

seastar/tests/unit/tls_test.cc

Line 250 in d2c0df0

auto buf = in.read().get0();

@bhalevy
Copy link
Member Author

bhalevy commented Oct 29, 2020
edited
Loading

Reproduced with kernel 5.8.16-300.fc33.x86_64

The test passes when building and running in the scylla dbuild docker (image docker.io/scylladb/scylla-toolchain:fedora-32-20200910)
gcc version in dbuild is 10.2.1-1 while on my laptop it's 10.2.1-5
both have /usr/lib64/libgnutls.so -> libgnutls.so.30.28.1
and actually all the other dynamic libraries look the same.

@bhalevy
Copy link
Member Author

bhalevy commented Oct 29, 2020

Hmm, digging a bit deeper revealed a different glibc library version:

bhalevy@lt scylla$ ./tools/toolchain/dbuild -- ls -l /usr/lib64/libc.so.6
lrwxrwxrwx. 1 root root 12 Jul 16 05:27 /usr/lib64/libc.so.6 -> libc-2.31.so
bhalevy@lt scylla$ ls -l /usr/lib64/libc.so.6
lrwxrwxrwx. 1 root root 12 Aug  6 17:47 /usr/lib64/libc.so.6 -> libc-2.32.so

@bhalevy
Copy link
Member Author

bhalevy commented Nov 3, 2020

@avikivity wrote:

I traced this to

     if (status & GNUTLS_CERT_INVALID) {
         throw verification_error(

cert_status_to_string(gnutls_certificate_type_get(*this),
status));
}

My guess is that someone tightened the accepted encryption algorithms so
that the test certificates are no longer accepted.

@bhalevy
Copy link
Member Author

bhalevy commented Nov 3, 2020

@elcallio please look into this

avikivity pushed a commit that referenced this issue Nov 25, 2020
@avikivity
tls_test: Create test certs at build time
33a2831 
Refs #823
Fixes #823

Followup to "fast-fix" for #823. Instead of keeping binary
blobs, we should create the test certs in build.

This adds some cmake guck to set up custom targets, deps,
and changes the test to pick up certs from executable folder.

Removes the checked in certificates.

The cmake generation scripts are more generic than required,
simply to allow re-use for other purposes.

Adds openssl as a dependency, just for the build part. Could
use gnutls, but
a.) I am more versatile in openssl cert gen
b.) I don't know what gnutls cli utils are called on
    all platforms (differs). Safer with openssl. It is
    _always_ named openssl.

Message-Id: <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@elcallio elcallio

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@elcallio @bhalevy